Like many of the ultra-secure phones that have come to market in the wake of Edward Snowden's leaks, the CryptoPhone 500, which is marketed in the U.S. by ESD America and built on top of an unassuming Samsung Galaxy SIII body, features high-powered encryption. Les Goldsmith, the CEO of ESD America, says the phone also runs a customized or "hardened" version of Android that removes 468 vulnerabilities that his engineering team found in the stock installation of the OS.

His mobile security team also found that the version of the Android OS that comes standard on the Samsung Galaxy SIII leaks data to parts unknown 80-90 times every hour. That doesn't necessarily mean that the phone has been hacked, Goldsmith says, but the user can't know whether the data is beaming out from a particular app, the OS, or an illicit piece of spyware. His clients want real security and control over their device, and have the money to pay for it.

To show what the CryptoPhone can do that less expensive competitors cannot, he points me to a map that he and his customers have created, indicating 17 different phony cell towers known as “interceptors,” detected by the CryptoPhone 500 around the United States during the month of July alone. (The map below is from August.) Interceptors look to a typical phone like an ordinary tower. Once the phone connects with the interceptor, a variety of “over-the-air” attacks become possible, from eavesdropping on calls and texts to pushing spyware to the device.

“Interceptor use in the U.S. is much higher than people had anticipated,” Goldsmith says. “One of our customers took a road trip from Florida to North Carolina and he found 8 different interceptors on that trip. We even found one at South Point Casino in Las Vegas.”

Who is running these interceptors and what are they doing with the calls? Goldsmith says we can’t be sure, but he has his suspicions.

“What we find suspicious is that a lot of these interceptors are right on top of U.S. military bases. So we begin to wonder – are some of them U.S. government interceptors? Or are some of them Chinese interceptors?” says Goldsmith. “Whose interceptor is it? Who are they, that's listening to calls around military bases? Is it just the U.S. military, or are they foreign governments doing it? The point is: we don't really know whose they are.”

Post by Thad Floryan
Who is running these interceptors and what are they doing with the calls? Goldsmith says we can’t be sure, but he has his suspicions.

If they're illegal, all one has to do is cut the power to them or otherwise disable them and see who comes running. The question is easily solved.

Yet no one has done that apparently. A cell "tower" can be physically small and easily hidden. Think of the femtocells that several cellphone vendors make available for purchase or rent though I doubt something that size would be able to "service" an area as large as has been suggested in the PopSci article (e.g., interception is occurring while driving along freeways, highways and presumably anywhere else in the "service" area).

As written in the PopSci article:

"What we find suspicious is that a lot of these interceptors are right on top of U.S. military bases."

The situation could be similar to that which existed around the Lockheed/BlueCube complex at US101 and Hwy 237: approach the area and you would be shot dead with no warning according to the signs that I saw there in the 1960s when I had to visit Lockheed Missiles and Space Company with "equipment" I carried from the Electronics Defense Labs (EDL) 1/4 mile away in Mountain View in the area bounded by 237, Evelyn Ave, Ferguson Drive, and Whisman Road -- that entire area is now a condo development, and even the train tracks on what was the EDL's spur are now history.

Most likely some 3-letter agency is operating them and, as we know, the NSA and cohorts will get off with just a slap on the wrist for all the spying within the USA they've been doing given how the US Constitution is being eroded/ignored by the present administration using Executive Orders to bypass Congress and the US Supreme Court.

Post by Thad Floryan
Who is running these interceptors and what are they doing with the calls? Goldsmith says we can’t be sure, but he has his suspicions.

If they're illegal, all one has to do is cut the power to them or otherwise disable them and see who comes running. The question is easily solved.

How naive. This assumes that someone in power cares about shutting these towers down.

Post by Thad Floryan
Most likely some 3-letter agency is operating them and, as we know, the NSA and cohorts will get off with just a slap on the wrist for all the spying within the USA they've been doing given how the US Constitution is being eroded/ignored by the present administration using Executive Orders to bypass Congress and the US Supreme Court.

I'd almost prefer it be our government operating these shadow towers than some commercial entity (or worse, another nation's government). At least our own government is too incompetent to do anything serious with most of the information they've gathered, and too unmotivated to do anything serious with most of the rest. (Small comfort to those few the government *does* end up targeting based on data from these towers.)

Post by David Kaye
If they're illegal, all one has to do is cut the power to them or otherwise disable them and see who comes running. The question is easily solved.

How naive. This assumes that someone in power cares about shutting these towers down.

Why is my solution naive? I said nothing about anybody "in power" or the government or anything. I simply said that disabling the unit would yield an answer as to who's responsible. WHY do you trash everything I write? Don't you have any hobbies, Keith Keller?


Post by Thad Floryan
http://www.sfgate.com/technology/businessinsider/article/Mysterious-Fake-Cellphone-Towers-Are-Intercepting-5731884.php
http://www.popsci.com/article/technology/mysterious-phony-cell-towers-could-be-intercepting-your-calls

Like many of the ultra-secure phones that have come to market in the wake of Edward Snowden's leaks, the CryptoPhone 500, which is marketed in the U.S. by ESD America and built on top of an unassuming Samsung Galaxy SIII body, features high-powered encryption. Les Goldsmith, the CEO of ESD America, says the phone also runs a customized or "hardened" version of Android that removes 468 vulnerabilities that his engineering team found in the stock installation of the OS.

His mobile security team also found that the version of the Android OS that comes standard on the Samsung Galaxy SIII leaks data to parts unknown 80-90 times every hour. That doesn't necessarily mean that the phone has been hacked, Goldsmith says, but the user can't know whether the data is beaming out from a particular app, the OS, or an illicit piece of spyware. His clients want real security and control over their device, and have the money to pay for it.

To show what the CryptoPhone can do that less expensive competitors cannot, he points me to a map that he and his customers have created, indicating 17 different phony cell towers known as “interceptors,” detected by the CryptoPhone 500 around the United States during the month of July alone. (The map below is from August.) Interceptors look to a typical phone like an ordinary tower. Once the phone connects with the interceptor, a variety of “over-the-air” attacks become possible, from eavesdropping on calls and texts to pushing spyware to the device.

“Interceptor use in the U.S. is much higher than people had anticipated,” Goldsmith says. “One of our customers took a road trip from Florida to North Carolina and he found 8 different interceptors on that trip. We even found one at South Point Casino in Las Vegas.”

Who is running these interceptors and what are they doing with the calls? Goldsmith says we can’t be sure, but he has his suspicions.

“What we find suspicious is that a lot of these interceptors are right on top of U.S. military bases. So we begin to wonder – are some of them U.S. government interceptors? Or are some of them Chinese interceptors?” says Goldsmith. “Whose interceptor is it? Who are they, that's listening to calls around military bases? Is it just the U.S. military, or are they foreign governments doing it? The point is: we don't really know whose they are.”

{ l-o-n-g article continues at the above Popular Science URL }

The most likely explanation is that someone is trying to generate sales of secure phones.

Post by Thad Floryan
His mobile security team also found that the version of the Android OS that comes standard on the Samsung Galaxy SIII leaks data to parts unknown 80-90 times every hour.

Parts unknown? Pardon my suspicious nature but Wireshark would show the IP addresses of the destination rather easily. Something is rather fishy in the vague nature of these cell phone leaks. Most likely, it's all the stupid applications phoning home informing the mothership that their customers are using their application. To better improve the quality of the product, of course. Actually, I don't recall any app that doesn't phone home. Fire up Wireshark and sniff the outgoing traffic on a typical PC, and you'll see the same type of traffic.

Post by Thad Floryan
cannot, he points me to a map that he and his customers have created, indicating 17 different phony cell towers known as _interceptors_

I love user generated maps. One in my zip code was in the middle of a lake, probably because the users reporting the location, were, on average, in the middle of the lake. That location has since migrated towards a nearby highway, as more GPS enabled phones happen to be checking their maps as they drive by.

The location of the phone when it reports being connected to a tower has very little to do with the location of the tower, if the only usable roads are nowhere near the tower.

"Right on top of military bases". Hmmm. My company used to forbid ssh sessions from leaving the premises, but allowed telnet, because that meant that they could sniff the packets. Would said "military base" have anything to fear from encrypted cellular calls?
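The Wireshark remark above, as an added example that is not code from any poster in this thread: a capture saved from the phone's network path can be tallied by destination address, which is the step that turns "parts unknown" into a list of hosts. The capture bytes, the device address 192.0.2.10 and the destinations are constructed sample data using documentation address ranges, and only classic Ethernet pcap files are handled.

```python
import ipaddress
import struct
from collections import Counter

def outbound_destinations(pcap_bytes, device_ip):
    """Count IPv4 packets sent by device_ip, keyed by destination address."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"                      # little-endian classic pcap
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"                      # big-endian classic pcap
    else:
        raise ValueError("not a classic pcap capture")
    if struct.unpack(endian + "I", pcap_bytes[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    device = ipaddress.ip_address(device_ip).packed
    counts, offset = Counter(), 24        # records follow the 24-byte file header
    while offset + 16 <= len(pcap_bytes):
        incl_len = struct.unpack(endian + "I", pcap_bytes[offset + 8:offset + 12])[0]
        frame = pcap_bytes[offset + 16:offset + 16 + incl_len]
        offset += 16 + incl_len
        # Need Ethernet (14 bytes) + minimal IPv4 header (20), EtherType 0x0800.
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        if frame[26:30] == device:        # IPv4 source address
            counts[str(ipaddress.ip_address(frame[30:34]))] += 1
    return counts

def sample_capture():
    """Constructed capture: three frames from 192.0.2.10 and one reply to it."""
    def frame(src, dst):
        eth = b"\x02" * 6 + b"\x04" * 6 + b"\x08\x00"
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20, 0, 0, 64, 6, 0,
                         ipaddress.ip_address(src).packed,
                         ipaddress.ip_address(dst).packed)
        return eth + ip
    pairs = [("192.0.2.10", "198.51.100.7"), ("192.0.2.10", "203.0.113.5"),
             ("192.0.2.10", "198.51.100.7"), ("198.51.100.7", "192.0.2.10")]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, (src, dst) in enumerate(pairs):
        f = frame(src, dst)
        out += struct.pack("<IIII", 1000 + i, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    for dst, n in outbound_destinations(sample_capture(), "192.0.2.10").most_common():
        print(dst, n)
```

Dividing each destination's count by the capture duration gives a per-hour figure that can be set against the article's "80-90 times every hour".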

I took another look at the screen shots (above) and noticed that quite a bit of important information is missing. For example, the tower number, operator ID, system number, and tower ID. If this application really does have access to the baseband processor (which I doubt), then such information would easily be available. Something like this:
<http://802.11junk.com/jeffl/crud/CDMA-data.jpg>
Basically, there's no information available with which to identify the tower, operator, system, or location (BSlat/BSlong). For all I know, it could be some broken Android software, or a misconfigured MVNO base station.

I took another look at the screen shots (above) and noticed that quite a bit of important information is missing. For example, the tower number, operator ID, system number, and tower ID. If this application really does have access to the baseband processor (which I doubt), then such information would easily be available. Something like this:
<http://802.11junk.com/jeffl/crud/CDMA-data.jpg>
Basically, there's no information available with which to identify the tower, operator, system, or location (BSlat/BSlong). For all I know, it could be some broken Android software, or a misconfigured MVNO base station.

I haven't been following this since the moderator of comp.dcom.telecom and I have had a "discussion" about his refusal to allow posting the additional URLs that I posted to c.d.t and it's likely I'll never be posting there again. Here are the additional URLs:

I took another look at the screen shots (above) and noticed that quite a bit of important information is missing. For example, the tower number, operator ID, system number, and tower ID. If this application really does have access to the baseband processor (which I doubt), then such information would easily be available. Something like this:
<http://802.11junk.com/jeffl/crud/CDMA-data.jpg>
Basically, there's no information available with which to identify the tower, operator, system, or location (BSlat/BSlong). For all I know, it could be some broken Android software, or a misconfigured MVNO base station.

I haven't been following this since the moderator of comp.dcom.telecom and I have had a "discussion" about his refusal to allow posting the additional URLs that I posted to c.d.t and it's likely I'll never be posting there again.

Three of the above URLs simply quote the original Popular Science article and add no new information. The problem that I'm having is with the original Popular Science article screen shots and total lack of useful information for locating or identifying the 17 sites. Usually, such articles select one of the sites, and provide the tower ID, operator ID, FCC tower ID (if applicable), and information sufficient to determine that the associated information might be for real. That was not done here.

The above URLs are all on smartphones that provide additional encryption. While interesting, they have nothing to do with the alleged "intercept" towers except that the software was used to identify that the encryption may have been disabled.

The ArsTechnica article is interesting in that it discusses the impending demise of Stingray tracking. Note that Stingray requires a fake cell site in order to operate. Normally, this is nothing more than a cell phone and the Stingray device driving around in a police car in the area where the target phone is expected:
<http://blogs.wsj.com/digits/2011/09/21/how-stingray-devices-work/>
It would be inordinately difficult and expensive to equip a complete fake cell site with Stingray devices solely to listen on a few conversations or track a few individuals within its limited range.

Post by Jeff Liebermann
The ArsTechnica article is interesting in that it discusses the impending demise of Stingray tracking. Note that Stingray requires a fake cell site in order to operate. Normally, this is nothing more than a cell phone and the Stingray device driving around in a police car in the area where the target phone is expected:
<http://blogs.wsj.com/digits/2011/09/21/how-stingray-devices-work/>

From the above:

"Law enforcement and the military are using devices called stingrays to track cellphones, as described in a story in today's Wall Street Journal."

Okay so far

"The government considers the devices sensitive information"

You usually don't share sensitive information with garden-variety LEO's.

Post by Jeff Liebermann
It would be inordinately difficult and expensive to equip a complete fake cell site with Stingray devices solely to listen on a few conversations or track a few individuals within its limited range.

Want my opinion? It's spying by the Chinese, Russian, or any take-your-pick enemy government. Governments spy on each other's citizens all the time. I'm reminded of an Air France matter where in-flight pillows were bugged in order to get competitive business information about American companies for the French government. I can't remember which industry it was but I have a vague recollection that it had to do with banking.

Certainly, the U.S. government wouldn't need cell sites when they can already tap into anything at any time.
